CVE-2005-2413 - Vulnerability Details - OpenCVE

PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Atomic Photo Album	Atomic Photo Album

Configuration 1 [-]

OR	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.1:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.2:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.3:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.4:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.5:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre1:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre2:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre3:::::::*
	cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre4:::::::*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112230428725189&w=2
http://secunia.com/advisories/16201
http://securitytracker.com/id?1014569
http://www.osvdb.org/18265
http://www.securityfocus.com/bid/14368
https://exchange.xforce.ibmcloud.com/vulnerabilities/21562

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-03T04:00:00

Updated: 2024-08-07T22:22:49.165Z

Reserved: 2005-08-03T00:00:00

Link: CVE-2005-2413

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2005-08-03T04:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2005-2413

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-23T00:00:00", "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20050723 Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2"}, {"name": "apa-apaphpinclude-file-include(21562)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562"}, {"name": "1014569", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014569"}, {"name": "18265", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18265"}, {"name": "16201", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16201"}, {"name": "14368", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14368"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2413", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20050723 Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2"}, {"name": "apa-apaphpinclude-file-include(21562)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562"}, {"name": "1014569", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1014569"}, {"name": "18265", "refsource": "OSVDB", "url": "http://www.osvdb.org/18265"}, {"name": "16201", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/16201"}, {"name": "14368", "refsource": "BID", "url": "http://www.securityfocus.com/bid/14368"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:22:49.165Z"}, "title": "CVE Program Container", "references": [{"name": "20050723 Atomic Photo Album (APA) apa_phpinclude.inc.php remote file include", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2"}, {"name": "apa-apaphpinclude-file-include(21562)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562"}, {"name": "1014569", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1014569"}, {"name": "18265", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18265"}, {"name": "16201", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/16201"}, {"name": "14368", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/14368"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2413", "datePublished": "2005-08-03T04:00:00", "dateReserved": "2005-08-03T00:00:00", "dateUpdated": "2024-08-07T22:22:49.165Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "02B8363D-96B3-4A50-8696-10D37F9ACDB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "3E281306-8908-41D4-82A4-128D6B0AA8A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "B7E37F83-12C3-48E4-906E-B879C5D1ABE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.3:*:*:*:*:*:*:*", "matchCriteriaId": "28113521-EE23-4BDA-89D3-3772641909B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "4273D7C0-3C38-4433-9D13-D42C4872D978", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.0.5:*:*:*:*:*:*:*", "matchCriteriaId": "54BECF11-C4A9-4470-8F47-909779FEEC07", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre1:*:*:*:*:*:*:*", "matchCriteriaId": "B73FF839-330A-4C2B-BB1A-9995DB7EACD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre2:*:*:*:*:*:*:*", "matchCriteriaId": "C9E53952-5184-4A87-8BC1-9ABC1529D281", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre3:*:*:*:*:*:*:*", "matchCriteriaId": "EB359041-3C3F-4D17-996A-9807CAF0392A", "vulnerable": true}, {"criteria": "cpe:2.3:a:atomic_photo_album:atomic_photo_album:1.1.0_pre4:*:*:*:*:*:*:*", "matchCriteriaId": "D3D1795D-E84D-4C6F-BBDF-16D8956F66E2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter."}, {"lang": "es", "value": "Vulnerabilidad de inclusi\u00f3n de fichero remoto PHP en apa_phpinclude.inc.php en Atomic Photo Album (APA) permite que atacantes remotos ejecuten c\u00f3digo PHP arbitrario mediante el par\u00e1metro \"apa_module_basedir\"."}], "id": "CVE-2005-2413", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/16201"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1014569"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18265"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/14368"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq&m=112230428725189&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/16201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1014569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/18265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/14368"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21562"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}